CVE-2022-29835

Name of the Vulnerable Software and Affected Versions Western Digital WD Discovery versions prior to 4.4.396

Description The WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm, which is not collision-free. This weakness could be exploited by an attacker to create forged certificate signatures, potentially impacting the confidentiality of user content.

Recommendations For versions prior to 4.4.396, update to version 4.4.396 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive user content until the update is applied.